{key}
- Template
{template}- Draft
{output}
#!/usr/bin/env python3 import argparse import hashlib import json import shlex import shutil from datetime import date from pathlib import Path from typing import Any from html_rendering import html_text from render_world_class_evidence_intake import build_intake from world_class_evidence_contract import DISALLOWED_REAL_ARTIFACTS from world_class_source_checks import build_source_checklist, summarize_source_checklist ROOT = Path(__file__).resolve().parent.parent SCRIPT_INTERFACE = "cli" SCRIPT_INTERFACE_REASON = "Prepares editable world-class evidence intake packets without counting drafts as accepted evidence." def rel_path(path: Path, root: Path) -> str: try: return str(path.resolve().relative_to(root.resolve())) except ValueError: return str(path.resolve()) def shell_path(path: Path, root: Path) -> str: return shlex.quote(rel_path(path, root)) def write_json(path: Path, payload: dict[str, Any]) -> None: path.parent.mkdir(parents=True, exist_ok=True) path.write_text(json.dumps(payload, ensure_ascii=False, indent=2) + "\n", encoding="utf-8") def has_glob_pattern(value: str) -> bool: return any(token in value for token in ("*", "?", "[")) def sha256_file(path: Path) -> str: digest = hashlib.sha256() with path.open("rb") as handle: for chunk in iter(lambda: handle.read(1024 * 1024), b""): digest.update(chunk) return digest.hexdigest() def requested_checklist_items(intake: dict[str, Any], evidence_keys: list[str]) -> list[dict[str, Any]]: items = intake.get("operator_checklist", []) if not evidence_keys: return items requested = set(evidence_keys) return [item for item in items if item.get("evidence_key") in requested] def template_result_by_key(intake: dict[str, Any]) -> dict[str, dict[str, Any]]: return {str(item.get("evidence_key")): item for item in intake.get("templates", [])} def copy_template( skill_dir: Path, output_dir: Path, item: dict[str, Any], template_results: dict[str, dict[str, Any]], overwrite: bool, ) -> dict[str, Any]: key = str(item.get("evidence_key", "")) template_result = template_results.get(key, {}) template_path = skill_dir / str(item.get("template_path", "")) output_path = output_dir / f"{key}.json" errors: list[str] = [] if template_result.get("status") != "pass": errors.append("template failed intake validation") if not template_path.exists(): errors.append("template file is missing") if errors: return { "evidence_key": key, "status": "skipped", "template_path": rel_path(template_path, skill_dir), "output_path": rel_path(output_path, skill_dir), "errors": errors, } if output_path.exists() and not overwrite: return { "evidence_key": key, "status": "exists", "template_path": rel_path(template_path, skill_dir), "output_path": rel_path(output_path, skill_dir), "errors": [], } output_path.parent.mkdir(parents=True, exist_ok=True) shutil.copyfile(template_path, output_path) return { "evidence_key": key, "status": "written", "template_path": rel_path(template_path, skill_dir), "output_path": rel_path(output_path, skill_dir), "errors": [], } def artifact_row(skill_dir: Path, evidence_key: str, pattern: str, path: Path, status: str) -> dict[str, Any]: exists = path.exists() is_file = exists and path.is_file() relative = rel_path(path, skill_dir) if exists else pattern contains_raw_content = relative in DISALLOWED_REAL_ARTIFACTS digest = sha256_file(path) if is_file and not contains_raw_content else "" row_status = status if status else ("ready" if is_file else "missing") if contains_raw_content: row_status = "raw-content-disallowed" return { "evidence_key": evidence_key, "source_pattern": pattern, "path": relative, "status": row_status, "exists": exists, "is_file": is_file, "sha256": digest, "artifact_ref_ready": bool(is_file and digest and not contains_raw_content), "copy_path": relative if is_file else "", "copy_sha256": digest, "contains_raw_content": contains_raw_content, "concrete_reference_required": has_glob_pattern(pattern), } def artifact_checklist_for_item(skill_dir: Path, item: dict[str, Any]) -> list[dict[str, Any]]: key = str(item.get("evidence_key", "")) must_collect = item.get("must_collect", {}) if isinstance(item.get("must_collect", {}), dict) else {} artifacts = must_collect.get("evidence_artifacts", []) if not isinstance(artifacts, list): return [] rows: list[dict[str, Any]] = [] for artifact in artifacts: pattern = str(artifact or "").strip() if not pattern: continue if Path(pattern).is_absolute() or ".." in Path(pattern).parts: rows.append( { "evidence_key": key, "source_pattern": pattern, "path": pattern, "status": "unsafe-path", "exists": False, "is_file": False, "sha256": "", "artifact_ref_ready": False, "copy_path": "", "copy_sha256": "", "contains_raw_content": False, "concrete_reference_required": True, } ) continue if has_glob_pattern(pattern): matches = sorted(path for path in skill_dir.glob(pattern) if path.is_file()) if not matches: rows.append( { "evidence_key": key, "source_pattern": pattern, "path": pattern, "status": "glob-no-match", "exists": False, "is_file": False, "sha256": "", "artifact_ref_ready": False, "copy_path": "", "copy_sha256": "", "contains_raw_content": False, "concrete_reference_required": True, } ) continue for match in matches: rows.append(artifact_row(skill_dir, key, pattern, match, "ready")) continue rows.append(artifact_row(skill_dir, key, pattern, skill_dir / pattern, "")) return rows def build_artifact_checklist(skill_dir: Path, items: list[dict[str, Any]]) -> list[dict[str, Any]]: rows: list[dict[str, Any]] = [] for item in items: rows.extend(artifact_checklist_for_item(skill_dir, item)) return rows def render_readme(report: dict[str, Any]) -> str: commands = report["commands"] lines = [ "# World-Class Evidence Submission Kit", "", f"Generated at: `{report['generated_at']}`", "", "This kit contains editable drafts for human and external evidence packets. Drafts are not accepted evidence.", "", "## Workflow", "", "1. Run the real provider, human review, native permission, or native client telemetry work first.", "2. Edit the matching JSON draft with only aggregate artifact references and provenance metadata.", "3. Set `template_only` to `false` only after real evidence exists.", "4. Set attestation booleans truthfully; do not include credentials, raw prompts, raw outputs, transcripts, notes, or private user content.", "5. Validate the packet before asking the ledger reviewer to accept it.", "", "## Commands", "", f"- validate intake: `{commands['validate_intake']}`", f"- refresh ledger: `{commands['refresh_ledger']}`", f"- guard public claims: `{commands['guard_claim']}`", "", "## Drafts", "", "| Evidence | Draft | Status |", "| --- | --- | --- |", ] for item in report["files"]: lines.append(f"| `{item['evidence_key']}` | `{item['output_path']}` | `{item['status']}` |") lines.extend(["", "## Execution Runbook", ""]) for item in report.get("evidence_items", []): must_collect = item.get("must_collect", {}) if isinstance(item.get("must_collect", {}), dict) else {} runbook = must_collect.get("runbook", []) lines.extend(["", f"### {item.get('label', item.get('evidence_key', 'Evidence'))}", ""]) if runbook: for step in runbook: lines.append(f"- `{step}`" if str(step).startswith("python3 ") or "=" in str(step) else f"- {step}") else: lines.append("- No source runbook listed.") lines.extend( [ "", "## Artifact Checklist", "", "Use these paths and SHA-256 digests when filling `artifact_refs`. Glob patterns are expanded into concrete files; submissions must reference concrete paths, not globs.", "", "| Evidence | Path | Status | SHA-256 |", "| --- | --- | --- | --- |", ] ) for item in report.get("artifact_checklist", []): digest = item.get("sha256") or "n/a" lines.append( f"| `{item['evidence_key']}` | `{item['path']}` | `{item['status']}` | `{digest}` |" ) lines.extend( [ "", "## Source Evidence Snapshot", "", "These checks explain why a draft is not ready for ledger acceptance yet. They mirror current aggregate reports and do not accept evidence by themselves.", "", "| Evidence | Check | Current | Expected | Status |", "| --- | --- | --- | --- | --- |", ] ) for item in report.get("source_checklist", []): lines.append( f"| `{item['evidence_key']}` | {item['label']} | `{item['actual']}` | `{item['expected']}` | `{item['status']}` |" ) lines.extend( [ "", "## Anti-Overclaim", "", "- This kit never marks ledger evidence as accepted.", "- Planned work, metadata fallback, pending review, and local command-runner output remain non-evidence.", "- A valid intake packet means ready for ledger review, not world-class completion.", ] ) return "\n".join(lines).rstrip() + "\n" def render_html_list(values: list[Any], empty: str) -> str: if not values: return f"
{html_text(command)}No submission drafts were requested.
" return "".join( """{template}{output}No required artifacts were listed for the requested evidence.
" return "".join( """{pattern}{sha}No source checks were listed for the requested evidence.
" return "".join( """{field}{actual}{expected}{html_text(item.get('blocking_reason', ''))}
{html_text(item.get('evidence_key', ''))}{html_text(item.get('submission_path', ''))}Use this cockpit to prepare human and external evidence packets. Drafts are not accepted evidence, and this page never changes the ledger result.
Copy concrete paths and SHA-256 digests from here into artifact_refs after real evidence exists. Glob patterns are expanded for operator convenience only.
This section shows current aggregate source checks. It explains remaining blockers without changing the ledger.